Summary: The report by Cyfirma details the Mint Stealer malware, which operates as a “Malware-as-a-Service” (MaaS) and specializes in stealing sensitive data while employing advanced evasion techniques. It targets various applications and uploads stolen data through unsecured connections, posing a significant cybersecurity threat.
Threat Actor: Unknown | Mint Stealer
Victim: Individuals and organizations | Mint Stealer victims
Key Points:
- Mint Stealer targets data from web browsers, cryptocurrency wallets, gaming accounts, VPN clients, and messengers.
- The malware uses encryption and obfuscation to conceal its activities and is distributed via specialized websites with support through Telegram.
- After collecting data, it uploads the information to free file-sharing sites, sending the URL to its command server over an unsecured connection.
- To mitigate risks, users are advised to avoid unverified files, use reliable antivirus software, and stay vigilant against social engineering attacks.

Experts from Cyfirma have released a report on the malware Mint Stealer, which operates under the “Malware-as-a-Service” (MaaS) model. This malware specializes in stealing confidential data and employs advanced techniques to bypass security measures.
Mint Stealer targets a wide range of data, including information from web browsers, cryptocurrency wallets, gaming credentials, VPN clients, messengers, and FTP clients. To conceal its activities, the malware uses encryption and obfuscation.
Mint Stealer is sold on specialized websites, with user support provided through Telegram. The malware container acts as a “dropper,” delivering the primary malicious code in a compressed form.
Stages of Mint Stealer operation:
- The malware extracts the payload from its resource section and creates temporary files on the user’s system.
- It then executes the loaded files and prepares for data collection.
- The final stage involves gathering information, including data from browsers, wallets, games, VPNs, messengers, and FTP clients.
Mint Stealer collects data from various applications, including browsers (Opera, Firefox, Edge), cryptocurrency wallets (Exodus, Electrum), gaming accounts (Battle.net, Minecraft), VPN clients (Proton VPN), and messengers (Skype, Telegram). It also gathers system information and monitors the clipboard.
After data collection, the malware creates an archive and uploads it to free file-sharing websites. The URL of the uploaded file is sent to the malware’s command server. Notably, the data transfer to the server occurs through an unsecured connection.
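The upload-then-report sequence described above can be hunted in web proxy logs. The following detection sketch is an added example, not taken from the Cyfirma report: the log format, the watchlist hostnames, the correlation window and the size threshold are all assumptions, and the sample log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed placeholders: the report summary names no specific sites.
FILE_SHARING_HOSTS = {"fileshare.example", "dropfiles.example"}
WINDOW = timedelta(seconds=120)   # assumed correlation window
MIN_UPLOAD_BYTES = 100_000        # assumed minimum archive size

# Constructed proxy log lines: time|client|method|scheme|host|bytes_out|payload
SAMPLE_LOG = """\
2024-08-01T10:00:05|10.0.0.21|POST|https|fileshare.example|4812033|multipart upload
2024-08-01T10:00:19|10.0.0.21|POST|http|c2-placeholder.example|212|url=https://fileshare.example/d/abc123
2024-08-01T10:03:00|10.0.0.34|POST|https|fileshare.example|250000|multipart upload
2024-08-01T10:30:00|10.0.0.34|GET|http|news.example|0|/index.html
2024-08-01T11:00:00|10.0.0.40|POST|http|tracker.example|90|url=https://fileshare.example/d/zzz
"""

def parse(line):
    ts, client, method, scheme, host, sent, payload = line.split("|", 6)
    return {"ts": datetime.fromisoformat(ts), "client": client, "method": method,
            "scheme": scheme, "host": host, "sent": int(sent), "payload": payload}

def find_exfil_pairs(log_text):
    """Return (client, upload_host, report_host) for upload-then-cleartext-URL pairs."""
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    last_upload = {}   # client -> most recent large upload to a watched host
    hits = []
    for e in events:
        if (e["method"] == "POST" and e["host"] in FILE_SHARING_HOSTS
                and e["sent"] >= MIN_UPLOAD_BYTES):
            last_upload[e["client"]] = e
            continue
        up = last_upload.get(e["client"])
        if up is None or e["ts"] - up["ts"] > WINDOW:
            continue
        # Cleartext request to a different host that carries a link to the upload site
        if e["scheme"] == "http" and e["host"] != up["host"] and up["host"] in e["payload"]:
            hits.append((e["client"], up["host"], e["host"]))
    return hits

if __name__ == "__main__":
    for hit in find_exfil_pairs(SAMPLE_LOG):
        print("possible stealer exfiltration:", hit)
```

Because the report to the command server is sent in cleartext, a proxy or network sensor can read the shared link in the request, which is what makes the second condition checkable without TLS inspection.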
Mint Stealer poses a significant threat to cybersecurity due to its capability to steal a broad spectrum of data and evade detection. The malware is actively sold on specialized websites and receives updates to circumvent antivirus programs.
To protect against Mint Stealer, it is recommended to:
- Avoid opening files from unverified sources.
- Use reliable antivirus software.
- Regularly update all software.
- Be vigilant against potential social engineering attacks.
These measures will help mitigate the risk of infection and safeguard important data from theft.
Source: https://securityonline.info/mint-stealer-new-maas-malware-threatens-confidential-data